feat(compliance): add content compliance detection across tenant, ops, and clients

Implements the Revision 8/9 compliance design: tenant + ops backends, ops-web
content-safety pages, admin-web editor/publish gate integration, desktop publish
block surfacing, and supporting migrations / shared types / config plumbing.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-05-05 20:48:14 +08:00
parent 81577b6154
commit 745cdd79cf
73 changed files with 12747 additions and 1892 deletions
+46
View File
@@ -723,3 +723,49 @@
- `git diff --check`
- `go test ./internal/shared/config ./internal/shared/repository/postgres ./internal/ops/config`
- Temporary PgBouncer container attached to existing `server_default` network returned `SELECT 1` through PgBouncer, then was removed.
## 2026-05-04T20:51:36Z - Compliance Detection Implementation
- Started Phase 41 for the Revision 8 content compliance detection design.
- Re-read the design document sections covering data model, API contracts, publish gate ordering, manual-review lifecycle, ops pages, and test requirements.
- Confirmed the current code has no compliance module yet and that publish job creation currently bypasses content compliance entirely.
- Added Phase 41-43 to `task_plan.md` and recorded the initial backend/frontend integration findings.
## 2026-05-05T09:30:00+08:00 - Compliance backend integration
- Added tenant compliance HTTP APIs for runtime status, plain/article check, latest check, record-level ack, manual-review submit/latest/cancel, and tenant whitelist/blacklist terms.
- Wired `PublishJobService.Create()` through `GateForPublish`, including effective article version resolution, target platform aggregation, block/needs_ack errors with serialized check details, and transactional ack consumption.
- Exposed `ArticleDetailResponse.current_version_id` and extended desktop publish job creation with article/version compliance metadata.
- Added ops compliance service/handlers/routes for dictionaries, terms, policy, master switch, manual reviews, records, and stats.
- Verification passed: `go test ./internal/tenant/compliance ./internal/tenant/transport ./internal/tenant/app ./internal/tenant/repository ./internal/ops/app ./internal/ops/transport ./cmd/ops-api ./cmd/worker-generate`.
## 2026-05-05T10:45:00+08:00 - Compliance completion recovery
- Continued after the 429 interruption and completed the remaining compliance display/API gap.
- Added ops-web shared type aliases, content-safety navigation, and pages for policy, dictionaries, dictionary editing, manual reviews, manual-review detail, records, and stats.
- Added admin-web compliance publish/editing integration, including editor checks, violation grouping, locate/highlight support, whitelist creation, publish gate handling, acknowledgement flow, and manual-review submission/cancel paths.
- Added LLM review AI-point reservation/completion/refund handling in tenant compliance jobs and wired the review worker to the configured LLM provider.
- Extended desktop publish task listing with publish-job compliance block metadata and updated desktop Publish Management to show `合规阻断`, record id, intercepted time, and a readable reason summary.
- Added admin-web publish status mapping/i18n for `blocked_by_compliance`.
- Verification passed:
- `go test ./internal/tenant/compliance ./internal/tenant/transport ./internal/tenant/app ./internal/worker/generate ./cmd/worker-generate`
- `go test ./...`
- `pnpm --filter admin-web typecheck`
- `pnpm --filter ops-web typecheck`
- `pnpm --filter @geo/desktop-client typecheck`
- `pnpm --filter admin-web build`
- `pnpm --filter ops-web build`
- `pnpm --filter @geo/desktop-client build`
- `git diff --check`
- Notes:
- Admin-web and ops-web production builds still warn about large chunks from existing Ant Design / Milkdown bundles.
## 2026-05-05T20:09:10+08:00 - Remove tenant compliance policy overrides
- Removed the ops-web tenant override route, menu item, API helpers, and `ComplianceTenantOverridesView.vue`.
- Removed the ops-api tenant policy override routes, handlers, service methods, audit action, and tenant override resolver branch.
- Changed `ops.compliance_policies` to an `id=1` global singleton with no `scope` / `tenant_id` columns; seed migrations and tenant-api policy loading now read/update that singleton directly.
- Updated the current compliance design doc, the archived v1 design doc, and planning notes so tenant policy overrides are no longer documented as a supported feature.
- Verification passed:
- `pnpm --filter ops-web typecheck`
- `go test ./internal/ops/app ./internal/ops/transport ./internal/tenant/compliance ./cmd/ops-api`